#VU54999 Permissions, Privileges, and Access Controls in containerd - CVE-2021-32760

 

Published: July 20, 2021


Vulnerability identifier: #VU54999
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-32760
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: containerd
Software vendor: containerd

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the archive package allows chmod of files outside of the unpack target directory. A remote attacker can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky.
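As an added illustration (not containerd's code or its actual fix), the Go example below shows a containment check an unpacker can run before changing a file's mode, so that the chmod described above cannot land outside the target directory. The helper names `inside` and `chmodInRoot` and the symlink and `..` scenarios are assumptions; the advisory does not state how the path leaves the unpack directory.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// inside reports whether path is root itself or lies beneath it.
func inside(root, path string) bool {
	rel, err := filepath.Rel(root, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// chmodInRoot (hypothetical, not containerd's code) chmods entry name only if it resolves under root.
func chmodInRoot(root, name string, mode os.FileMode) error {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return err
	}
	// Resolve ".." and symlinked parent directories before trusting the path.
	parent, err := filepath.EvalSymlinks(filepath.Dir(filepath.Join(realRoot, name)))
	if err != nil {
		return err
	}
	if !inside(realRoot, parent) {
		return fmt.Errorf("entry %q resolves outside unpack root", name)
	}
	target := filepath.Join(parent, filepath.Base(name))
	// os.Chmod follows symlinks, so a link as the final component is refused.
	if fi, err := os.Lstat(target); err != nil {
		return err
	} else if fi.Mode()&os.ModeSymlink != 0 {
		return fmt.Errorf("entry %q is a symlink, mode left unchanged", name)
	}
	return os.Chmod(target, mode)
}

func main() {
	// Constructed demo: a link inside the unpack root points at a file beside it.
	base, _ := os.MkdirTemp("", "unpack-demo")
	defer os.RemoveAll(base)
	root := filepath.Join(base, "root")
	os.Mkdir(root, 0o755)
	os.WriteFile(filepath.Join(base, "victim"), nil, 0o600)
	os.Symlink("../victim", filepath.Join(root, "link"))
	fmt.Println(chmodInRoot(root, "link", 0o777), chmodInRoot(root, "../victim", 0o777))
}
```

The check and the chmod are separate steps, so this holds only when nothing else writes to the unpack root while extraction runs.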


Remediation

Install updates from vendor's website.

External links